The Assistant Vice President, Office of Information Security (OIS) will serve as the lead member of the Office of Information Security (OIS) team and will report to Vice President Information Technologies, CIO. The AVP, OIS is a member of the CIO leadership team and serves a key role in university leadership, working closely with senior administration, academic leaders, and the campus community. The AVP, OIS is an advocate for the Institution's total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the university. The AVP, OIS is responsible for leading a University wide security program that leverages collaborations and campus-wide resources, facilitates information security governance, advises senior leadership on security direction and resource investments, and designs/maintains appropriate policies to manage information security risk. This position and its’ role at the University requires a leadership approach that is engaging and collaborative resulting in the ability to work with other leaders to set the best balance between security strategies and other priorities at the campus level.
Responsible for the strategic leadership of the University's information security program.
Provide guidance and counsel to the CIO and key members of the university leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security.
Manage institution-wide information security governance processes, co-chair the Information Technologies Governance Security Topical Committee.
Lead information security program for the entire institution in support of academic, research, and administrative information systems and technology.
Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services.
Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level.
Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Mentor the Information Security Office team members and implement professional development plans for all members of the team.
Policy, Compliance and Audit
Maintain the implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University's information and technology systems.
Work with Internal Audit, General Counsel’s Office and outside consultants as appropriate on required security assessments and audits.
Coordinate and track all information technology and security related audits. Work with auditors as appropriate to provide guidance, evaluation and advocacy on audit responses.
Work with University compliance leadership to develop and maintain a strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, ITAR, HIPAA, and FISMA.
Outreach, Education and Training
Work closely with IT leaders, deans and administrative leaders across campus to understand the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit's research areas.
Work with campus groups to build awareness and a sense of common purpose around security.
Pursue student security initiatives to address unique needs in protecting identity theft, mobile social media security and online reputation program.
Risk Management and Incident Response
Keep abreast of security incidents and act as primary control point during significant information security incidents.
Provide leadership for breach response and notification actions for the University.
Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
Continue to be a part of the acquisition of new technologies and their impacts on the University’s overall information security.
Bachelor's degree in Computer Science, Information Systems, Information Technology, Computer Engineering, Business or related degree and seven (7) years of experience; or an Associate's degree with nine (9) years of experience; or a combination of relevant education and ten (11) years of experience.
Thorough understanding of commonly-used concepts, practices, and procedures related to information security; contributes through experience, collaboration, and problem resolution.
Knowledge of IT compliance related a) risk assessment and management, (b) policies and procedures, (c) training and awareness, (d) auditing and monitoring, and (e) research.
ADDITIONAL QUALIFICATIONS CONSIDERED
Experience managing a security office in a higher education environment.
Certification in security field such as CISSP or CISM.
Interested and qualified candidates must complete an online application and include a letter of interest, detailing your interest and qualifications for the position.
The University of Cincinnati, as a multi-national and culturally diverse university, is committed to providing an inclusive, equitable and diverse place of learning and employment. As part of a complete job application you will be asked to include a Contribution to Diversity and Inclusion statement.
As a UC employee, and an employee of an Ohio public institution, if hired you will not contribute to the federal Social Security system, other than contributions to Medicare. Instead, UC employees have the option to contribute to a state retirement plan (OPERS, STRS) or an alternative retirement plan (ARP).
The University of Cincinnati is an Affirmative Action / Equal Opportunity Employer / Minority / Female / Disability / Veteran.
SF:OMJ SF:RM SF:INS SF:INS
Internal Number: 43361-en_US
About University of Cincinnati
HISTORY IN BRIEF - The University of Cincinnati is a public urban serving research institution that was founded in 1819 and today is one of the country’s largest universities offering more than 350 academic programs to more than 44,000 students. UC has many top ranked programs in areas such as Music and Arts, Medical and Human-Services, Criminal Justice and more. Located in an urban setting, UC is close to the heart of Cincinnati and allows easy access for students to enjoy all that the city offers. UC is also the alma mater of many notables such as President William Howard Taft; Albert Sabin, developer of the oral polio vaccine; Astronaut Neil Armstrong and Mary Weinberg, 2008 Olympic gold medalist. UC is classified as a Research University (Very High Research Activity) by the Carnegie Commission and is ranked as one of America’s top 35 public research universities by the National Science Foundation. UC jumped 17 spots in the U.S. News & World Report rankings in the past two years alone. In addition to being named a “green university” by Princeton Review, UC has been named one of the world’s most beautiful campuses by Forbes and Delta Sky magazines. Learn more at www.uc.edu.MISSIO...N STATEMENT - The University of Cincinnati serves the people of Ohio, the nation, and the world as a premier, public, urban research university dedicated to undergraduate, graduate, and professional education, experience-based learning, and research. We are committed to excellence and diversity in our students, faculty, staff, and all of our activities. We provide an inclusive environment where innovation and freedom of intellectual inquiry flourish. Through scholarship, service, partnerships, and leadership, we create opportunity, develop educated and engaged citizens, enhance the economy and enrich our University, city, state and global community.